Computer viruses wreak havoc on government and industry computer networks. A virus may include a parasitic program written intentionally to infiltrate a computer system without user permission and, in some cases, without user knowledge. A virus as described in this application may also include a “worm,” “Trojan horse” and other vernacular known within the computer community and associated with software configured to degrade system operation. The term “virus” may also include less frequent, unintentional programming aberrations that can occur in the course of normal processing operations. Although the operation and characteristics of viruses often vary by design, some commonalities persist. For instance, many viruses attach themselves to a file, others may infect a boot sector, and some can replicate themselves, compounding their detrimental impact.
In this manner, viruses can cause serious damage to networks and negatively affect system performance. For instance, a worm program virus may automatically propagate to every disk in contact with a given hard drive. Another or the same virus may replicate itself in program memory until it overburdens a processor and brings an associated system down. Viruses may rapidly infiltrate and infect systems via electronic mail, as well as from downloading operations involving diskettes, user directories, the Internet and other network interfaces.
To this end, computer systems conventionally rely on antiviral software attendant at each user computer of a network. A network administrator or user may individually download or otherwise install such programs onto each computer. Depending upon network configuration and server availability, users may periodically update their antiviral programs by downloading a most recent software version onto their hard drive.
In operation, conventional antiviral programs monitor data incoming to a user computer for characteristics indicative of a virus. Such characteristics may include known data patterns, such as an identifiable code sequence commonly used in replication functions. The software may additionally or alternatively scan how incoming data attaches to electronic transmissions (e.g. electronic mail), as well as unusual errors occurring within the operating system. Still other exemplary antiviral programs detect unexplainable memory allotments and irregular file names, among other indicators. In response to detecting a potentially infected data file, the antiviral program may sequester the data, warn the user, and/or otherwise flag the data.
Despite provisions afforded by conventional antiviral programs, viral occurrences persist. In part, such infestation is attributable to the evolving nature of viruses. Designers of viruses constantly modify and create new program code configured to elude antiviral programs and configurations. As a consequence, an effective antiviral programmer must continually attempt to anticipate new viruses by updating and refocusing protective code on different data strings and code indicators. Because code embodying viral patterns is subject to constant change, such a task often presents a losing proposition.
In other instances, an antiviral program may flag legitimate program code that it mistakes for a virus. Such misidentification is at least in part a product of network terrorists' attempts to conceal viruses by imparting to their viruses legitimate code and other attributes to give them the appearance of a conforming, benign transmission. In any case, antiviral programs/precautions directed to these “Trojan horse” viruses can actually result in processing delays and data losses that prove detrimental to system operation even in the absence of a real viral threat.
Another obstacle plaguing efforts to recognize and confine viruses regards the localized nature of antiviral program implementations. Conventional antiviral applications can typically only affect those files received at the local computer or server at which the antiviral application is executing. For instance, the scope of server-based antiviral software is limited to only that data that passes through the particular server. Thus, other computers within the same network remain susceptible to simultaneous or subsequent occurrences of a virus.
Moreover, updating antiviral software at each user computer of a network can be time-consuming and even complicated for personnel. For instance, it may take several hours for a new program to download properly from a server to a user computer. Such demands often pose an inconvenience to users and result in a reluctance to keep antiviral software updated. Because such upgrades may be incumbent upon the individual users, certain computers within the network may remain vulnerable to viral attack. As a result, viruses often propagate throughout an entire network before they can be quarantined and evaluated. Thus, the uncoordinated and decentralized practice of detecting viruses at each individual user computer can frustrate efforts to track, stymie and study viruses.
Consequently, and in part for the reasons delineated above, there exists a need for an improved manner of monitoring computer networks for viral and other disruptive occurrences.